12 precautions for installing a firewall

Source: Internet
Author: User

1. The firewall implements your security policy.

A firewall enforces a security policy. If you have not set a security policy before putting the firewall in place, now is the time to set one. The policy may not be written down, but it still acts as your security policy. If you do not know what your security policy should be, installing a firewall is the best thing you can do to protect your site, and it will not be easy to maintain. To have a good firewall, you need a good security policy, one that is written down and accepted by everyone.

2. A firewall is not a single device in many cases.

Except in simple cases, a firewall is rarely a single device; it is a group of devices. Even if you purchase a commercial "all-in-one" firewall application, you also need to configure other machines (such as your network server) to work together with it. These other machines are considered part of the firewall, and that includes how they are configured and managed, what they trust, and what treats them as trusted. You cannot simply pick a device called a firewall and expect it to take on all security responsibilities.

3. Firewalls are not readily available products.

Choosing a firewall is more like buying a house than choosing where to go on vacation. A firewall is very similar to a house: you live with it every day, and you use it for much longer than a week or two. It requires maintenance; otherwise, it will break down. To build a firewall, you need to carefully select and configure a solution that meets your needs, and then maintain it constantly. Many decisions are required, and a solution that is correct for one site is often wrong for another.

4. The firewall will not solve all your problems.

Do not expect the firewall to provide security on its own. The firewall protects you from one type of attack: people trying to attack the inside directly from the outside. It cannot prevent attacks that come from the LAN, and it cannot even protect you from all the attacks that it can detect.

5. Use the default policy.

Under normal circumstances, your approach should be to reject every service except those you know to be necessary and secure. However, new vulnerabilities appear every day, so shutting down insecure services means a sustained war.

6. Compromise conditionally, not easily.

People like to do insecure things. If you allow all requests, your network will be insecure. If you reject all requests, your network will also be insecure, and you will not know where the insecure activity is hidden. Those who cannot work with you will work to your disadvantage. You need to find ways to meet the needs, even though these methods bring a certain amount of risk.

7. Use layered measures.

Rather than relying on a single device in a single location, use multiple security layers so that one mistake does not expose what you are trying to protect.

8. Only install what you need.

Firewall machines should not have all the vendor-supplied software installed the way normal computers do. Machines that are part of the firewall must have a minimal installation. Even if you think something is safe, do not install it if you don't need it.

9. Use all available resources.

Do not build a firewall based on information from a single source, especially if the source is not the vendor. Many resources are available, such as vendor information, books we have written, mailing lists, and websites.

10. Only believe what you can be sure of.

Do not trust the graphical interface's manual and dialog boxes, or the vendor's statements about how something runs. Check that connections that should be rejected are rejected, and check that all connections that should be allowed are allowed.
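Items 5 and 10 can be combined into one check, shown here as an added example that is not part of the original article: a first-match rule set with a default-deny fallthrough, audited against a matrix of connections that must pass and connections that must be rejected. The rule model, addresses and the widened SSH rule are constructed for illustration; against a live firewall the same matrix would be driven by real connection attempts rather than by `decide`.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    proto: str    # "tcp" or "udp"
    port: int     # destination port

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and (proto, port) == (r.proto, r.port)):
            return r.action
    return "deny"

def audit(rules, expectations):
    """Return each expectation whose actual decision differs from the intended one."""
    return [(src, dst, proto, port, want, got)
            for src, dst, proto, port, want in expectations
            if (got := decide(rules, src, dst, proto, port)) != want]

# Constructed policy: HTTPS to the web server from anywhere, SSH only from inside.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "192.0.2.10/32", "tcp", 22),
]
# Same policy with a constructed mistake: the SSH source was widened to "anywhere".
BROKEN_RULES = [RULES[0], Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 22)]

# Constructed test matrix: what must be allowed AND what must be rejected.
EXPECTATIONS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 443, "allow"),
    ("10.1.2.3", "192.0.2.10", "tcp", 22, "allow"),
    ("198.51.100.7", "192.0.2.10", "tcp", 22, "deny"),   # SSH from outside
    ("198.51.100.7", "192.0.2.10", "tcp", 23, "deny"),   # service never listed
    ("198.51.100.7", "192.0.2.11", "tcp", 443, "deny"),  # host never listed
]

if __name__ == "__main__":
    for name, rules in (("RULES", RULES), ("BROKEN_RULES", BROKEN_RULES)):
        print(name, audit(rules, EXPECTATIONS) or "matches intent")
```

The "must be rejected" rows are what catch the widened rule; a matrix that only lists allowed connections would pass both rule sets.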

11. Constantly reevaluate the decision.

The house you bought five years ago may not be suitable for you today. Similarly, the firewall you installed a year ago is no longer the best solution for your current situation. You should regularly evaluate your decisions on the firewall and confirm that you still have a reasonable solution. Changing your firewall is like moving to a new home. It requires significant effort and careful planning.

12. Be prepared for failure.

Prepare yourself for the worst. Machines may stop running, and motivated users may do the wrong things. Motivated users may also do bad things and succeed in defeating you. But you must understand that when these events happen, it is not a complete disaster.
